You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-dev@axis.apache.org by di...@apache.org on 2008/06/13 16:01:58 UTC
svn commit: r667546 -
/webservices/axis2/trunk/java/modules/jaxws/src/org/apache/axis2/jaxws/message/databinding/JAXBUtils.java
Author: dims
Date: Fri Jun 13 07:01:58 2008
New Revision: 667546
URL: http://svn.apache.org/viewvc?rev=667546&view=rev
Log:
adding java2 security checks when creating marshaller/unmarshaller/introspector
Modified:
webservices/axis2/trunk/java/modules/jaxws/src/org/apache/axis2/jaxws/message/databinding/JAXBUtils.java
Modified: webservices/axis2/trunk/java/modules/jaxws/src/org/apache/axis2/jaxws/message/databinding/JAXBUtils.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/jaxws/src/org/apache/axis2/jaxws/message/databinding/JAXBUtils.java?rev=667546&r1=667545&r2=667546&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/jaxws/src/org/apache/axis2/jaxws/message/databinding/JAXBUtils.java (original)
+++ webservices/axis2/trunk/java/modules/jaxws/src/org/apache/axis2/jaxws/message/databinding/JAXBUtils.java Fri Jun 13 07:01:58 2008
@@ -43,6 +43,7 @@
import java.net.URLDecoder;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
+import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Iterator;
@@ -458,14 +459,14 @@
if (log.isDebugEnabled()) {
log.debug("Unmarshaller created [no pooling]");
}
- return context.createUnmarshaller();
+ return internalCreateUnmarshaller(context);
}
Unmarshaller unm = upool.get(context);
if (unm == null) {
if (log.isDebugEnabled()) {
log.debug("Unmarshaller created [not in pool]");
}
- unm = context.createUnmarshaller();
+ unm = internalCreateUnmarshaller(context);
} else {
if (log.isDebugEnabled()) {
log.debug("Unmarshaller obtained [from pool]");
@@ -474,6 +475,38 @@
return unm;
}
+ private static Unmarshaller internalCreateUnmarshaller(final JAXBContext context) throws JAXBException {
+ Unmarshaller unm;
+ try {
+ unm = (Unmarshaller) AccessController.doPrivileged(
+ new PrivilegedExceptionAction() {
+ public Object run() throws JAXBException {
+ return context.createUnmarshaller();
+ }
+ }
+ );
+ } catch (PrivilegedActionException e) {
+ throw (JAXBException) e.getCause();
+ }
+ return unm;
+ }
+
+ private static Marshaller internalCreateMarshaller(final JAXBContext context) throws JAXBException {
+ Marshaller marshaller;
+ try {
+ marshaller = (Marshaller) AccessController.doPrivileged(
+ new PrivilegedExceptionAction() {
+ public Object run() throws JAXBException {
+ return context.createMarshaller();
+ }
+ }
+ );
+ } catch (PrivilegedActionException e) {
+ throw (JAXBException) e.getCause();
+ }
+ return marshaller;
+ }
+
/**
* Release Unmarshaller Do not call this method if an exception occurred while using the
* Unmarshaller. We object my be in an invalid state.
@@ -504,14 +537,14 @@
if (log.isDebugEnabled()) {
log.debug("Marshaller created [no pooling]");
}
- m = context.createMarshaller();
+ m = internalCreateMarshaller(context);
} else {
m = mpool.get(context);
if (m == null) {
if (log.isDebugEnabled()) {
log.debug("Marshaller created [not in pool]");
}
- m = context.createMarshaller();
+ m = internalCreateMarshaller(context);
} else {
if (log.isDebugEnabled()) {
log.debug("Marshaller obtained [from pool]");
@@ -546,13 +579,19 @@
* @return JAXBIntrospector
* @throws JAXBException
*/
- public static JAXBIntrospector getJAXBIntrospector(JAXBContext context) throws JAXBException {
+ public static JAXBIntrospector getJAXBIntrospector(final JAXBContext context) throws JAXBException {
JAXBIntrospector i = null;
if (!ENABLE_INTROSPECTION_POOLING) {
if (log.isDebugEnabled()) {
log.debug("JAXBIntrospector created [no pooling]");
}
- i = context.createJAXBIntrospector();
+ i = (JAXBIntrospector) AccessController.doPrivileged(
+ new PrivilegedAction() {
+ public Object run() {
+ return context.createJAXBIntrospector();
+ }
+ }
+ );
} else {
i = ipool.get(context);
if (i == null) {